4.3 Configuring Password Complexity

A complex password improves security by helping to prevent password-guessing attacks. Sentinel provides a set of password validation rules that help you enforce password complexity for all local users. You can enable the validation rules that apply to your environment.

You can configure the password validation rules in the /etc/opt/novell/sentinel/config/passwordrules.properties file. The validation rules apply only to local user passwords and not to LDAP user passwords. For existing users, the validation rules apply only after the users update their passwords.

By default, all the validation rules are disabled and commented out with #. To enable a validation rule, uncomment it, specify its value, and save the file.

The following table describes the password complexity validation rules:

Table 4-1 Password Complexity Rules

Validation Rule

Description

MINIMUM_PASSWORD_LENGTH

Specifies the minimum number of characters required in a password.

MAXIMUM_PASSWORD_LENGTH

Specifies the maximum number of characters allowed in a password.

UNIQUE_CHARACTER_LENGTH

Specifies the minimum number of unique characters required in a password.

For example, if the UNIQUE_CHARACTER_LENGTH value is 6 and a user specifies the password as "aaaabbccc", Sentinel does not validate the password because it contains only 3 unique characters: a, b, and c.

LOWER_CASE_CHARACTERS_COUNT

Specifies the minimum number of lowercase characters required in a password.

UPPER_CASE_CHARACTERS_COUNT

Specifies the minimum number of uppercase characters required in a password.

ALPHABET_CHARACTERS_COUNT

Specifies the minimum number of alphabetic characters required in a password.

NUMERIC_CHARACTERS_COUNT

Specifies the minimum number of numeric characters required in a password.

NON_ALPHA_NUMERIC_CHARACTERS_COUNT

Specifies the minimum number of non-alphanumeric or special characters required in a password. The rule considers only the following non-alphanumeric characters:

` ~ ! @ # $ % ^ & * ( ) - _ = + [ { ] } \ | ; : ' " < , > . / ?

RESTRICTED_WORDS_IN_PASSWORD

Specifies the words that are not allowed in a password. The restricted words are case-insensitive. You can specify multiple words separated by a comma.

For example: RESTRICTED_WORDS_IN_PASSWORD=admin,password,test
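The following added example is not Sentinel code. It is a standalone sketch for pre-checking a candidate policy: it parses passwordrules.properties-style text and reports which enabled rules a password fails, following the rule descriptions in Table 4-1. The sample policy values are constructed, character classes are assumed to be ASCII, and restricted words are assumed to match as case-insensitive substrings.

```python
import string

# Special characters listed for NON_ALPHA_NUMERIC_CHARACTERS_COUNT in Table 4-1.
SPECIALS = set("`~!@#$%^&*()-_=+[{]}\\|;:'\"<,>./?")

# Constructed sample policy (illustrative values, not Sentinel defaults).
SAMPLE_RULES = """\
# MAXIMUM_PASSWORD_LENGTH=64
MINIMUM_PASSWORD_LENGTH=12
UNIQUE_CHARACTER_LENGTH=6
UPPER_CASE_CHARACTERS_COUNT=1
NUMERIC_CHARACTERS_COUNT=1
NON_ALPHA_NUMERIC_CHARACTERS_COUNT=1
RESTRICTED_WORDS_IN_PASSWORD= admin,password,test
"""


def parse_rules(text):
    """Return {rule: value} for uncommented KEY=VALUE lines; '#' lines stay disabled."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        rules[key.strip()] = value.strip()
    return rules


def violations(password, rules):
    """Return the names of the enabled rules that the password fails."""
    counts = {
        "MINIMUM_PASSWORD_LENGTH": len(password),
        "UNIQUE_CHARACTER_LENGTH": len(set(password)),
        "LOWER_CASE_CHARACTERS_COUNT": sum(c in string.ascii_lowercase for c in password),
        "UPPER_CASE_CHARACTERS_COUNT": sum(c in string.ascii_uppercase for c in password),
        "ALPHABET_CHARACTERS_COUNT": sum(c in string.ascii_letters for c in password),
        "NUMERIC_CHARACTERS_COUNT": sum(c in string.digits for c in password),
        "NON_ALPHA_NUMERIC_CHARACTERS_COUNT": sum(c in SPECIALS for c in password),
    }
    failed = [r for r, n in counts.items() if r in rules and n < int(rules[r])]
    if len(password) > int(rules.get("MAXIMUM_PASSWORD_LENGTH", len(password))):
        failed.append("MAXIMUM_PASSWORD_LENGTH")
    # Assumption: a restricted word matches as a case-insensitive substring.
    words = [w.strip().lower() for w in rules.get("RESTRICTED_WORDS_IN_PASSWORD", "").split(",")]
    if any(w and w in password.lower() for w in words):
        failed.append("RESTRICTED_WORDS_IN_PASSWORD")
    return failed
```

Calling violations() with the output of parse_rules() on a draft policy and a few representative passwords shows which rules would reject them before the file is changed on the server.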